Line 32: |
Line 32: |
| ---- | | ---- |
| | | |
| + | First we will generate our CA cert. Login to the router's WebUI and go to '''System → Administration → Certificates'''. |
| | | |
− | ====Generating CA Cert==== | + | ====Certificates Generation==== |
| ---- | | ---- |
| | | |
| First we will generate our CA cert. | | First we will generate our CA cert. |
| | | |
− | * Login to the router's WebUI and go to '''System → Administration → Certificates'''.
| + | Follow the steps below to generate a CA certificate. |
| + | |
| The following are the settings used for this example, but values should be changed depending on your specific needs: | | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| | | |
− | - File Type: '''''CA'''''
| + | 1. File Type: '''''CA''''' |
| | | |
− | - Key Size: '''''1024'''''
| + | 2. Key Size: '''''1024''''' |
| | | |
− | - Name (CN): '''''CAIPSec''''' // This can be whatever name you choose.
| + | 3. Name (CN): '''''CAIPSec''''' // This can be whatever name you choose. |
| | | |
− | - Subject Information: '''''Toggled On''''' // It is recommended to fill out at least Country Code, State/Province and Organization Name.
| + | 4. Subject Information: '''''Toggled On''''' // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
| | | |
− | - Country Code (CC): '''''US''''' // Fill your country code
| + | 5. Country Code (CC): '''''US''''' // Fill your country code |
| | | |
− | - State or Province Name (ST): '''''TX''''' // Fill your State/Province name
| + | 6. State or Province Name (ST): '''''TX''''' // Fill your State/Province name |
| | | |
− | - Locality Name (L): '''''CAIPSec''''' // Fill your locality name, or at least a recognizable name for your CA
| + | 7. Locality Name (L): '''''CAIPSec''''' // Fill your locality name, or at least a recognizable name for your CA |
| | | |
− | - Organization Name (O): '''''CAIPSec''''' // Fill your Organization name
| + | 8. Organization Name (O): '''''CAIPSec''''' // Fill your Organization name |
| | | |
− | - Organizational Unit Name (OU): '''''CAIPSEC''''' // Fill your specific Unit Name
| + | 9. Organizational Unit Name (OU): '''''CAIPSEC''''' // Fill your specific Unit Name |
| | | |
− | - '''''Generate''''' Certificate
| + | 10. '''''Generate''''' Certificate |
| <br> | | <br> |
| | | |
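Review bot: Step 2 of the renumbered CA list keeps Key Size 1024. If these are RSA keys, 1024 bits is below the 2048-bit minimum in current guidance such as NIST SP 800-131A, and it matters most for the CA because every RUT certificate chains to it. Suggest a larger size in the example if the WebUI offers one, or at least a // comment on that step saying the value should be raised. Separately, the line added above the heading repeats "First we will generate our CA cert.", which is still present as context under ====Certificates Generation====, so the sentence now appears twice; keep one.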
Line 72: |
Line 74: |
| | | |
| <br> | | <br> |
− | Next we need to sign the CAIPSec CA. We will be Self-Signing our own CA.
| |
− | Under the '''Certificate signing''' configure as follows:
| |
| | | |
− | - Signed Certificate Name: '''''CAIPSec'''''
| + | Follow the steps below to generate a RUT1 client certificate. |
| + | |
| + | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| + | |
| + | 1. File Type: '''''Client''''' |
| + | |
| + | 2. Key Size: '''''1024''''' |
| + | |
| + | 3. Name (CN): '''''RUT1''''' // This can be whatever name you choose. |
| + | |
| + | 4. Subject Information: '''''Toggled On''''' // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
| | | |
− | - Type of Certificate to Sign: '''''Certificate Authority'''''
| + | 5. Country Code (CC): '''''US''''' // Fill your country code |
| | | |
− | - Certificate Request File: '''''CAIPSec.req.pem'''''
| + | 6. State or Province Name (ST): '''''TX''''' // Fill your State/Province name |
| | | |
− | - Days Valid: '''''3650''''' // For this example we will use 3650 days, but you can configure this to be longer if needed. I would caution against too long of a CA.
| + | 7. Locality Name (L): '''''RUT1''''' // Fill your locality name, or at least a recognizable name for your CA |
| | | |
− | - Certificate Authority Key: '''''CAIPSec.key.pem'''''
| + | 8. Organization Name (O): '''''RUT1''''' // Fill your Organization name |
| | | |
− | - Leave the rest of the configuration default
| + | 9. Organizational Unit Name (OU): '''''RUT1''''' // Fill your specific Unit Name |
| | | |
− | - '''''Sign'''''
| + | 10. '''''Generate''''' Certificate |
| <br> | | <br> |
| | | |
− | [[File:IPSec CA Cert Signing.png|none|none]] | + | [[File:IPSec RUT1 Cert Generating.png|none|none]] |
| | | |
| <br> | | <br> |
− | After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*. | + | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. |
| <br> | | <br> |
| | | |
− | [[File:IPSec CA Cert Generating Confirmation2.png|none|none]] | + | [[File:IPSec RUT1 Cert Generating Confirmation.png|none|none]] |
| + | |
| <br> | | <br> |
| | | |
− | ====Generating Rut1 Client Cert====
| + | We will still generate RUT2 certs on the RUT1 device, so that we can sign our certs with the CA created earlier. |
− | ----
| + | Later we will download the certs required for RUT2 and import them there. |
| + | |
| + | Follow the steps below to generate a RUT2 client certificate. |
| | | |
− | * Login to the router's WebUI and go to '''System → Administration → Certificates'''.
| |
| The following are the settings used for this example, but values should be changed depending on your specific needs: | | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| | | |
− | - File Type: '''''Client'''''
| + | 1. File Type: '''''Client''''' |
| | | |
− | - Key Size: '''''1024'''''
| + | 2. Key Size: '''''1024''''' |
| | | |
− | - Name (CN): '''''RUT1''''' // This can be whatever name you choose.
| + | 3. Name (CN): '''''RUT2''''' // This can be whatever name you choose. |
| | | |
− | - Subject Information: '''''Toggled On''''' // It is recommended to fill out at least Country Code, State/Province and Organization Name.
| + | 4. Subject Information: '''''Toggled On''''' // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
| | | |
− | - Country Code (CC): '''''US''''' // Fill your country code
| + | 5. Country Code (CC): '''''US''''' // Fill your country code |
| | | |
− | - State or Province Name (ST): '''''TX''''' // Fill your State/Province name
| + | 6. State or Province Name (ST): '''''TX''''' // Fill your State/Province name |
| | | |
− | - Locality Name (L): '''''RUT1''''' // Fill your locality name, or at least a recognizable name for your CA
| + | 7. Locality Name (L): '''''RUT2''''' // Fill your locality name, or at least a recognizable name for your CA |
| | | |
− | - Organization Name (O): '''''RUT1''''' // Fill your Organization name
| + | 8. Organization Name (O): '''''RUT2''''' // Fill your Organization name |
| | | |
− | - Organizational Unit Name (OU): '''''RUT1''''' // Fill your specific Unit Name
| + | 9. Organizational Unit Name (OU): '''''RUT2''''' // Fill your specific Unit Name |
| | | |
− | - '''''Generate''''' Certificate
| + | 10. '''''Generate''''' Certificate |
| <br> | | <br> |
| | | |
− | [[File:IPSec RUT1 Cert Generating.png|none|none]] | + | [[File:IPSec RUT2 Cert Generating.png|none|none]] |
| | | |
| <br> | | <br> |
− | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. | + | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.key.pem under *Keys* and a RUT2.req.pem under *Certificate requests*. |
| <br> | | <br> |
| | | |
− | [[File:IPSec RUT1 Cert Generating Confirmation.png|none|none]] | + | [[File:IPSec RUT2 Cert Generating Confirmation.png|none|none]] |
| | | |
− | <br>
| + | ====Signing Certificates==== |
| + | ---- |
| | | |
− | Next we need to sign the RUT1 cert. | + | Next we need to sign the CAIPSec CA. We will be Self-Signing our own CA. |
− | Under the `Certificate signing` configure as follows: | + | Under the '''Certificate signing''' configure as follows: |
− | | |
− | - Signed Certificate Name: '''''RUT1'''''
| |
| | | |
− | - Type of Certificate to Sign: '''''Client Certificate'''''
| + | 1. Signed Certificate Name: '''''CAIPSec''''' |
| | | |
− | - Certificate Request File: '''''RUT1.req.pem'''''
| + | 2. Type of Certificate to Sign: '''''Certificate Authority''''' |
| | | |
− | - Days Valid: '''''3650'''''
| + | 3. Certificate Request File: '''''CAIPSec.req.pem''''' |
| | | |
− | - Certificate Authority File: '''''CAIPSec.cert.pem'''''
| + | 4. Days Valid: '''''3650''''' // For this example we will use 3650 days, but you can configure this to be longer if needed. I would caution against too long of a CA. |
| | | |
− | - Certificate Authority Key: '''''CAIPSec.key.pem'''''
| + | 5. Certificate Authority Key: '''''CAIPSec.key.pem''''' |
| | | |
− | - Leave the rest of the configuration alone
| + | 6. Leave the rest of the configuration default |
| | | |
− | - '''''Sign'''''
| + | 7. '''''Sign''''' |
| <br> | | <br> |
| | | |
− | [[File:IPSec RUT1 Cert Signing.png|none|none]] | + | [[File:IPSec CA Cert Signing.png|none|none]] |
| | | |
| <br> | | <br> |
− | After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*. | + | After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*. |
| <br> | | <br> |
| | | |
− | [[File:IPSec RUT1 Cert Manager Check.png|none|none]] | + | [[File:IPSec CA Cert Generating Confirmation2.png|none|none]] |
− | | |
| <br> | | <br> |
| | | |
− | ====Generating Rut2 Client Cert====
| + | Next we need to sign the RUT1 cert. |
− | ----
| + | Under the `Certificate signing` configure as follows: |
| | | |
− | We will still generate RUT2 certs on the RUT1 device, so that we can sign our certs with the CA created earlier.
| + | 1. Signed Certificate Name: '''''RUT1''''' |
− | Later we will download the certs required for RUT2 and import them there.
| |
| | | |
− | * Login to the router's WebUI and go to '''System → Administration → Certificates'''.
| + | 2. Type of Certificate to Sign: '''''Client Certificate''''' |
− | The following are the settings used for this example, but values should be changed depending on your specific needs:
| |
| | | |
− | - File Type: '''''Client'''''
| + | 3. Certificate Request File: '''''RUT1.req.pem''''' |
| | | |
− | - Key Size: '''''1024'''''
| + | 4. Days Valid: '''''3650''''' |
| | | |
− | - Name (CN): '''''RUT2''''' // This can be whatever name you choose.
| + | 5. Certificate Authority File: '''''CAIPSec.cert.pem''''' |
| | | |
− | - Subject Information: '''''Toggled On''''' // It is recommended to fill out at least Country Code, State/Province and Organization Name.
| + | 6. Certificate Authority Key: '''''CAIPSec.key.pem''''' |
| | | |
− | - Country Code (CC): '''''US''''' // Fill your country code
| + | 7. Leave the rest of the configuration alone |
| | | |
− | - State or Province Name (ST): '''''TX''''' // Fill your State/Province name
| + | 8. '''''Sign''''' |
| + | <br> |
| | | |
− | - Locality Name (L): '''''RUT2''''' // Fill your locality name, or at least a recognizable name for your CA
| + | [[File:IPSec RUT1 Cert Signing.png|none|none]] |
| | | |
− | - Organization Name (O): '''''RUT2''''' // Fill your Organization name
| + | <br> |
− | | + | After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*. |
− | - Organizational Unit Name (OU): '''''RUT2''''' // Fill your specific Unit Name
| |
− | | |
− | - '''''Generate''''' Certificate | |
| <br> | | <br> |
| | | |
− | [[File:IPSec RUT2 Cert Generating.png|none|none]] | + | [[File:IPSec RUT1 Cert Manager Check.png|none|none]] |
| | | |
| <br> | | <br> |
− | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.key.pem under *Keys* and a RUT2.req.pem under *Certificate requests*.
| |
− | <br>
| |
− |
| |
− | [[File:IPSec RUT2 Cert Generating Confirmation.png|none|none]]
| |
| | | |
| <br> | | <br> |
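Review bot: The added RUT2 paragraph says "Later we will download the certs required for RUT2 and import them there", but the confirmation text in the same block shows RUT2.key.pem being created under Keys on RUT1, so RUT2's private key is generated on one device and has to be moved to the other. The text should say that the key is part of what gets transferred and what to do with the copy left on RUT1. Two smaller points in this hunk: step 7 of both client lists keeps "or at least a recognizable name for your CA", copied from the CA list, and the RUT1 signing intro uses `Certificate signing` in backticks while the CA signing intro uses '''Certificate signing'''.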
Line 208: |
Line 210: |
| Under the `Certificate signing` configure as follows: | | Under the `Certificate signing` configure as follows: |
| | | |
− | - Signed Certificate Name: '''''RUT2'''''
| + | 1. Signed Certificate Name: '''''RUT2''''' |
| | | |
− | - Type of Certificate to Sign: '''''Client Certificate'''''
| + | 2. Type of Certificate to Sign: '''''Client Certificate''''' |
| | | |
− | - Certificate Request File: '''''RUT2.req.pem'''''
| + | 3. Certificate Request File: '''''RUT2.req.pem''''' |
| | | |
− | - Days Valid: '''''3650'''''
| + | 4. Days Valid: '''''3650''''' |
| | | |
− | - Certificate Authority File: '''''CAIPSec.cert.pem'''''
| + | 5. Certificate Authority File: '''''CAIPSec.cert.pem''''' |
| | | |
− | - Certificate Authority Key: '''''CAIPSec.key.pem'''''
| + | 6. Certificate Authority Key: '''''CAIPSec.key.pem''''' |
| | | |
− | - Leave the rest of the configuration alone
| + | 7. Leave the rest of the configuration alone |
| | | |
− | - '''''Sign'''''
| + | 8. '''''Sign''''' |
| <br> | | <br> |
| | | |
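Review bot: Step 4, Days Valid: 3650, gives the RUT2 client certificate the same 3650-day lifetime as the CA and carries no comment, whereas the CA signing step has one cautioning against too long a validity. Suggest a short // comment here, and on the matching RUT1 step, saying the value should be chosen for the deployment and is normally shorter than the CA's. Also, step 7 reads "Leave the rest of the configuration alone" where the CA list says "default"; pick one wording for all three signing lists.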